A copy of the Sophos Installer application and the Sophos Installer Components directory from your Sophos server. The Sophos installer application should be available inside from your Sophos Enterprise server using an address similar to that shown below:

1. Connect to the following server address (substitute the hostname of your server where appropriate):

smb://sophos.server.address.here/SophosUpdate/CIDs/S000

2. Copy the ESCOSX folder available on that fileshare from your Sophos server to somewhere convenient on your Mac.

3. Open Terminal.

4. Change directory location with the following command:

cd /path/to/ESCOSX/Sophos\ Installer.app/Contents/MacOS

5. Run the following command to configure the Sophos installer with the needed credentials for your Sophos Enterprise server, with the fallback option of updating from the update feed hosted by Sophos:

Note: If your username contains special characters, use quotes around the username. For example, if the PrimaryServerUserName value is an Active Directory account where you need to include the domain, the PrimaryServerUserName value should look like this:

-PrimaryServerUserName "DOMAIN\username_goes_here"

6. Running the CreateUpdatePreconfig command should produce output similar to that shown below:

7. As part of running the CreateUpdatePreconfig tool, an updateconfig.plist file is created in /path/to/ESCOSX/Sophos Installer Components. This stores the login information for your Sophos server.

Once the updateconfig.plist file has been created, a standard Apple installer package can now be created to install Sophos.

3. Once the Packages project opens, click on the Project tab. You’ll want to make sure that the your information is correctly set here (if you don’t know what to put in, check the Help menu for the Packages User Guide. The information you need is in Chapter 4 – Configuring a project.)

In this example, I’m not changing any of the options from what is set by default.

4. Next, click on the Settings tab. In the case of my project, I want to install with root privileges and not require a logout, restart or shutdown.

To accomplish this, I’m choosing the following options in the Settings section:

In the Post-Installation Behavior section, set On Success: to Do Nothing
In the Options section, check the box for Require admin password for installation.

5. Click on the Scripts tab in your Packages project.

6. Select the Sophos Installer application and its associated Sophos Installer Components directory and drag it into the Additional Resources section of your Packages project.

7. The last piece is doing an automated uninstall of any existing Sophos installations, then installing a fresh copy of Sophos with the pre-configured autoupdate settings.

For this, you’ll need a preinstall script and postinstall script. Here are the ones I’m using:

Preinstall:

Postinstall:

8. Once you’ve got the preinstall and postinstall scripts built, run the following command to make the script executable:

sudo chmod a+x /path/to/preinstall

sudo chmod a+x /path/to/postinstall

9. Once completed, add the preinstall and postinstall scripts to your Packages project.

10. Last step, go ahead and build the package. (If you don’t know to build, check the Help menu for the Packages User Guide. The information you need is in Chapter 3 – Creating a raw package project and Chapter 10 – Building a project.)

Testing the installer

Once the package has been built, test it by taking it to a test machine that does not have Sophos and install it. The end result should be that Sophos Anti-Virus installs properly and has the pre-configured settings for your Sophos Enterprise server included automatically.

Hi There
Thanks for this info.
In our environment the Sophos Console is set to apply settings and manage a machine based on the OU container in AD. This means i don’t need to pre-configure the auto-update settings.
In this case is it possible to use Composer to capture the install?

The installer seems to work fine if ran manually. The only issue I’m running into is that it seems to create the following directory /Builds. It has rwxr-x— rights and is owned by root:wheel. The bizarre thing is that I’m installing this package on firstboot after restart with Casper Imaging. Is this something you’ve seen before? OS in question is OS X 10.10.4.

OK, worked it out from looking through the other walk throughs. Added to the postinstall script the replacing of com.sophos.sau.plist and also added
# Adding logging for found items
sudo defaults write /Library/Preferences/com.sophos.sav LogIntoSyslog -bool TRUE
sudo defaults write /Library/Preferences/com.sophos.sav LogFileLimit -int 30
# Not sure this is needed but converts the plist back to xml format
sudo plutil -convert xml1 /Library/Preferences/com.sophos.sav.plist

You mention using quotes if you have a username with special characters, but what do you do with a password with special characters? Our password for the service account we use for Sophos has special characters in it – I tried using quotes but this did not work, so how do we escape the special characters for the password?

Since quoting around the password with special characters should resolve the problem.
Have you seen any performance updating issues using SMB? Are you running any delay servers? We have seen some inconsistent updating behaviors and wonder if it is related to moving to a primary http update source. Thanks…great work as always.

Is anyone having success packaging 9.6.2? I have tried multiple times now, it packages fine with no errors, and the installer goes through authentication ok, gets about 30% through the progress bar (writing files), then just fails with “The Installation Failed. The installer encountered an error that caused the installation to fail….” I can’t find anything wrong with how i’m configured (1 local server, username in quotes and password in single quotes, plus direct sophos download option).

Hey Andrey, I’ve also followed these steps completely. Sophos installs fine, it even puts in the correct repo and updates files from the primary server…However, it never reports to the SEC. It sees the computers pulled from AD with Centrify, and I have don both OU and firewall/port troubleshooting.My original package I did back in 2016 worked fine, though now something has changed. The “rms” folder does not appear in new installations, and I suspect this may be the cause. I’ve tried talking to Sophos support, but they keep telling me my ports aren’t open and that just isn’t the case. Should there be an additional agent.config in the rms folder from the ESCOSX? I’m finding it troublesome to get exact information from Sophos. Any information would be helpful.